Debugging Symantec Endpoint Protection (SEP) with Dr. Watson

May 28, 2009 12:48 PM

Procedure:

  1. Start > Run > drwtsn32
  2. Dr. Watson writes its logs to “C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson”:
     • drwtsn32.log (basic application & process log)
     • user.dmp (crash dump)

How to obtain an Application Dump File using Dr. Watson?

  1. Number of instructions should be set to 100
  2. Crash Dump Type should be set to FULL
  3. Enable the checkboxes for:
     • Dump Symbol Tables
     • Dump All Thread Contexts
     • Create Crash Dump File

How to obtain an Application Dump File using Dr. Watson?

  1. To find out which tool is currently set as the “default application exception handler”, look at the registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug
  2. If this is set to drwtsn32, nothing needs to be done. If another tool is set there, you will need to reset it to Dr. Watson, as follows:
     • Click Start, and then click Run.
     • Type drwtsn32 -i, and then click OK.
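
The AeDebug check above and the log location from the first procedure can be verified together from a PowerShell prompt. This is an added example, not part of the original article; it assumes PowerShell 2.0 or later is installed, `Get-AeDebugHandler` is a hypothetical helper name, and `Debugger` and `Auto` are the standard value names under the AeDebug key.

```powershell
# Added example: report the registered exception handler and the Dr. Watson output files.
$aeDebugKey = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\AeDebug'
# Log location as given in the article.
$logDir = 'C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson'

function Get-AeDebugHandler {
    param([string]$Key = $aeDebugKey)
    if (-not (Test-Path $Key)) { return $null }
    $props = Get-ItemProperty -Path $Key
    $cmd = [string]$props.Debugger
    # The Debugger value is a command line; extract the executable, quoted or not.
    $exe = ''
    if ($cmd -match '^\s*"([^"]+)"' -or $cmd -match '^\s*(\S+)') { $exe = $Matches[1] }
    $leaf = ''
    if ($exe) { $leaf = [IO.Path]::GetFileNameWithoutExtension($exe) }
    New-Object PSObject -Property @{
        CommandLine = $cmd
        Executable  = $exe
        Auto        = [string]$props.Auto   # "1" = launch the handler without prompting
        IsDrWatson  = ($leaf -ieq 'drwtsn32')
    }
}

$handler = Get-AeDebugHandler
if ($null -eq $handler) {
    'AeDebug key not found.'
} elseif ($handler.IsDrWatson) {
    "Dr. Watson is the default handler: $($handler.CommandLine) (Auto=$($handler.Auto))"
} else {
    "Another handler is registered: $($handler.CommandLine)"
    'Run "drwtsn32 -i" to reset it to Dr. Watson.'
}

# Confirm that the log and the crash dump were actually written.
foreach ($name in 'drwtsn32.log', 'user.dmp') {
    $path = Join-Path $logDir $name
    if (Test-Path $path) {
        $f = Get-Item $path
        '{0}: {1:N0} bytes, last written {2}' -f $name, $f.Length, $f.LastWriteTime
    } else {
        "${name}: not found in $logDir"
    }
}
```
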
Use of Dr. Watson to force a kill for OK TO END process in SEP

  1. Dr. Watson can also be used to kill a non-responsive process.
  2. Example:
     • Start > Run
     • Type drwtsn32 -p lucallbackproxy.exe OR
     • Type drwtsn32 -p 1024 (process ID)

Comments

Sep 28, 2010 04:41 AM

nice article

Jun 09, 2009 06:38 PM

Dr. Watson is an inbuilt Windows debugging tool. It gets installed as a pre-installed application with the OS.

http://support.microsoft.com/kb/308538

So the steps to open the same would be:

Start > Run > drwtsn32

Thanks :)

Jun 09, 2009 04:59 PM

This article is really amazing, but can you please guide me as to where I can download this exe?
